By Evan Sparks
“Open banking”—is it an aspirational slogan, a discrete business model or a regulatory regime?
For ABA VP Rob Morgan, who works on fintech policy, “it is what you want it to be.” The term is just vague enough to accommodate a wide variety of concepts, from access to customers’ financial data up to comprehensive financial marketplaces.
In Europe, open banking is closely associated with a specific European Commission regulation called the Payment Services Directive, known in its most recent incarnation as PSD2, which took effect in at the beginning of 2018. Under PSD2, bank customers may authorize third parties to securely access and process their bank funds.
Banks are complying with PSD2 through the use of open application programming interfaces, or APIs, which allow different software components to exchange information.
Europe may be in the vanguard of this regulatory change, but it’s not alone. “So many countries have started to follow Europe’s standards—and actually go beyond,” says Dharmesh Mistry, chief digital officer at banking software company Temenos. In Hong Kong, for example, open banking directives encompass a broader range of financial products.
And while the U.S. for now has no comparable policy, U.S. banks are investing heavily in APIs as the core of the open banking concept, which at its broadest envisions a world where every consumer can easily access his or her financial data and authorize access to anyone else.
APIs are widely known and used in the tech world—it’s the process by which a carefully lit and framed Instagram photo of dinner gets simultaneously shared on Facebook and Twitter. But when it comes to banking, “this isn’t a picture of what I had for dinner last night,” says Morgan. “This is financial data that really impacts my well-being.”
Secure APIs are the preferred alternative to a technique known as “screen scraping”—in which customers hand over their own account credentials to a third party, which stores those credentials to access the customer’s bank account.
But this poses some risk for a customer—such as uncertain liability under Regulation E for unauthorized transactions made by a third party that has the login information.
For example, Wells Fargo has developed APIs that allow customers to securely share information with companies like Intuit (whose products include QuickBooks, Mint and TurboTax), Finicity and Xero.
This way, “customers don’t have to use the screen scraping approach,” says Ben Soccorsy, SVP for virtual channels at Wells Fargo. “We’ve always advised customers not to share their credentials.” Other large banks like Chase and Capital One have been launching API partnerships with financial data aggregators and fintech companies to help their customers access a broader set of financial products without using screen scraping.
More broadly, open banking encompasses the ability to use new data tools like machine learning to improve both back-office functions like anti-money laundering compliance and front-office services like product creation, says Patrick Pinschmidt, a partner at Middlegame Ventures and former Treasury Department official. It provides a “tremendous opportunity . . . to move from the silo-based institution,” he says.
“Open banking is more about the business model and less about a particular product or architecture,” adds Prema Varadhan, chief product architect at Temenos, which recently rolled out a new front office suite that streamlines the ways banks develop and offer retail, commercial and wealth management products across all core platforms.
No matter what business model a bank chooses, Varadhan points out, its architecture will need to have open APIs, security standards, scalability and real-time information.
Temenos digital strategist Kam Chana adds that embracing open—but secure—access to customer data will position banks well in the digital era. “Open banking is proving one way that banks are seeing that they can leapfrog rather than simply catch up with their peers,” she says.